As employees continue to use their own devices and personal applications for work purposes, more threats are introduced into the workplace, putting company networks at risk, the report said.

The report is based on analysis of more than 5.9 million mobile apps, 31,000 infections, nearly 125,000 lost device protection activations, and infection rates from millions of customers.

“Consumers are very trusting of mobile applications such as Facebook, Twitter and Angry Birds – they are apps they know and have used for some time. However, it is the thousands of unverified apps, often found on third-party markets or P2P networks, that put users at risk,” said Grayson Milbourne, security intelligence director at Webroot.

“The report shows that this line of thinking is dangerous. Poor app choices can lead to the compromise of an entire corporate network. The need to secure mobile devices will continue to grow as the discovery of new exploits and malicious apps increase – all driven by a clear focus on mobile platforms within the cybercrime community,” he said.

Webroot warns that the proliferation of mobile devices, particularly personal devices used in the work environment through BYOD schemes, can expose corporate networks to higher risk, and that the continued growth of the Android platform is of particular concern.

The latest Webroot research data indicates an almost fourfold increase in the volume of potentially threatening apps for Android in 2013, while a recent report from Strategy Analytics indicated Android powered 79% of all smartphones shipped during the same period.

“While allowing such devices to access company resources aids productivity, the increased potential for compromise opens up a risk vector for which IT personnel must take into account,” said Milbourne.

The rise in potentially threatening mobile applications reinforces the need for IT managers and employees to be aware of mobile threats, he said.

Webroot researchers recorded a 384% increase in total threats to Android devices in 2013 and found that 42% of applications for Android were malicious, unwanted, or suspicious.

By comparison, 92% of applications for Apple iOS devices were rated as benign, 1% were considered to present a moderate threat and 7% were rated trustworthy.

“This is because iTunes has historically put applications through a rigorous vetting methodology, whereas third-party Android marketplaces, and to a certain extent Google Play have not,” the report said.

However, the Appthority Winter 2014 App Reputation Report notes that even though Apple prohibits iOS developers from accessing user ID information, 26% of the top iOS apps still do this, up from just 6% in the past year.

According to Appthority, 95% of the top 200 free iOS and Android apps exhibit at least one risky behavior, with 70% allowing location tracking, 69% allowing access to social networks, 56% identifying users, and 31% enabling address books and contact lists to be read.

Gaming applications and entertainment updates are responsible for the highest rates of infection, Webroot researchers found, but the report notes that no category of app is entirely risk free.

The report said users and system administrators must be educated on the threats facing their enterprises, and the security solutions that can be put into place to defend against them.

“Further mobile security education will result in safer application usage, better security-related decisions, and ensure that the reliability and convenience of mobile devices is not compromised,” the report said.

Best practices to protect mobile devices include:

Installing applications only from trusted sources such as Google Play and iTunes.

Paying very close attention to permission requests from new app installations.

Using lock screen facilities for both corporate-owned and personal devices.

1 comment

Why did the best practice advice omit identifying and registering the TCM module in the device so as to enable end to end secure communications? There appears to be a conspiracy of silence about the current state of play with regard to using the modules installed in most, but not all, recently sold mobiles to dramatically improve security at greatly reduced cost.

Is it because it wrecks so many current "surveillance" operations - those in support of advertising funding business models and not "just" those in support of state security services?

That was my personal conclusion after the recent Real Time Club Debate. My blog entry on the recent sale of NHS data contains a reprise of my opening arguments http://www.computerweekly.com/... but I would not dare incur the wrath of colleagues by reprising my version of the arguments that followed - other than to say that, given the wealth of security technologies that are not being effectively promoted or deployed, the conspiracy theorists have a very good case.

There appears to be a similar "conspiracy" to avoid covering the protection techniques that can be used by individuals to protect themselves, from those covered in my recent guest blog from John Walker http://www.computerweekly.com/... to simpler and more complex "solutions".

Instead we have impractical and/or meaningless advice. How does the average user identify whether a website or app is trustworthy - as opposed to one which pays fees/royalties to their ISP, Search Engine or their major customers?